Security Meets Big Data: RSA's New Security Analytics System


RSA is unveiling a retrofitted appliance that its executives say is the first stage in changing the nature of IT defense, merging security technologies with big data analytics to improve attack detection and analysis capabilities.

RSA is merging some of the features in its enVision security information and event management (SIEM) platform into its NetWitness network appliance and adding big data analytics capabilities from the Hadoop software framework. The combined product, called RSA Security Analytics, uses EMC's Greenplum analytics management capabilities to build out a data warehouse for long-term analytical processing.

"The security models that we have been using are no longer effective, and if we're ever going to be in a position to combat the forces against us we have to have a different approach to security," said RSA President Art Coviello at a media event unveiling the new system. "For the first time, we have the computing power, storage and bandwidth to leverage these big data analytics capabilities."

The RSA Security Analytics system contains NetWitness's full reporting and alerting, event processing and network forensics investigation tools, along with full content indexing engines that provide free-text search for data mining, metadata tagging and long-term intensive analysis. It uses the enVision SIEM's log parsing functionality and device XMLs to capture data from a variety of deployed systems. The NetWitness analytics engine is also combined with the Archer GRC platform and the RSA Data Loss Prevention suite for context, compliance reporting and policy management.
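To make the pipeline described above concrete, here is an added illustration in Python. It is not RSA's code and does not reflect how NetWitness, enVision or the Greenplum warehouse are implemented; it only shows the three stages the article names on a toy scale: per-device log parsing into a common schema with metadata tags, content indexing for free-text search, and a behavioural check run over the long-term event store. The log formats, hostnames, addresses and thresholds are all constructed for the example.

```python
"""Toy SIEM-style pipeline: parse -> tag -> index -> analyse (illustrative only)."""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: two made-up device formats (a firewall and an
# authentication service), standing in for the per-device parsing definitions
# a SIEM ships with. None of these values come from a real deployment.
RAW_LOGS = [
    "2013-01-30T10:00:01Z fw01 DENY src=10.0.0.5 dst=203.0.113.7 dport=445",
    "2013-01-30T10:00:03Z fw01 ALLOW src=10.0.0.9 dst=198.51.100.2 dport=443",
    '2013-01-30T10:00:05Z auth01 {"event":"login","user":"alice","result":"failure","src":"10.0.0.5"}',
    '2013-01-30T10:00:09Z auth01 {"event":"login","user":"alice","result":"failure","src":"10.0.0.5"}',
    '2013-01-30T10:00:14Z auth01 {"event":"login","user":"alice","result":"failure","src":"10.0.0.5"}',
    '2013-01-30T10:30:00Z auth01 {"event":"login","user":"bob","result":"success","src":"10.0.0.9"}',
]

FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) (?P<kv>.*)$")
APP_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<json>\{.*\})$")


def parse_line(line):
    """Normalise one raw line into a common event dict plus a set of metadata tags."""
    m = FW_RE.match(line)
    if m:
        fields = dict(kv.split("=", 1) for kv in m["kv"].split())
        event = {"ts": m["ts"], "host": m["host"], "type": "firewall",
                 "action": m["action"].lower(), **fields}
        tags = {"network", "firewall", f"action:{event['action']}"}
        if event["action"] == "deny":
            tags.add("blocked")
        return event, tags
    m = APP_RE.match(line)
    if m:
        body = json.loads(m["json"])
        event = {"ts": m["ts"], "host": m["host"], "type": "auth", **body}
        tags = {"identity", "auth", f"result:{body.get('result')}"}
        if body.get("result") == "failure":
            tags.add("auth_failure")
        return event, tags
    # Unknown format: keep the raw text so the line is still searchable later.
    return {"ts": None, "host": None, "type": "unknown", "raw": line}, {"unparsed"}


class EventStore:
    """Long-term store with an inverted index, the toy analogue of content indexing."""

    def __init__(self):
        self.events = []                # normalised events, in arrival order
        self.tags = []                  # parallel list of tag sets
        self.index = defaultdict(set)   # lower-cased token -> ids of events containing it

    def ingest(self, line):
        event, tags = parse_line(line)
        eid = len(self.events)
        self.events.append(event)
        self.tags.append(tags)
        # Index tokens from the raw text and every normalised field value,
        # so both free-text and structured lookups hit the same index.
        tokens = set(re.findall(r"[\w.:-]+", line.lower()))
        tokens.update(str(v).lower() for v in event.values() if v is not None)
        for tok in tokens:
            self.index[tok].add(eid)
        return eid

    def search(self, *terms):
        """Free-text AND search: ids of events containing every term (case-insensitive)."""
        sets = [self.index.get(t.lower(), set()) for t in terms]
        return sorted(set.intersection(*sets)) if sets else []

    def with_tag(self, tag):
        """Ids of events carrying a given metadata tag."""
        return [i for i, t in enumerate(self.tags) if tag in t]


def failed_login_bursts(store, threshold=3, window=timedelta(minutes=1)):
    """Behavioural check over stored events: sources with >= threshold auth
    failures inside one sliding window. Threshold and window are arbitrary."""
    by_src = defaultdict(list)
    for eid in store.with_tag("auth_failure"):
        ev = store.events[eid]
        by_src[ev["src"]].append(datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ"))
    flagged = set()
    for src, times in by_src.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(src)
                break
    return flagged


def build_store(lines=RAW_LOGS):
    store = EventStore()
    for line in lines:
        store.ingest(line)
    return store


if __name__ == "__main__":
    s = build_store()
    print("events mentioning 10.0.0.5:", s.search("10.0.0.5"))
    print("denied connections:", s.with_tag("blocked"))
    print("failed-login bursts from:", failed_login_bursts(s))
```

The point of keeping raw tokens and normalised field values in the same index is the "needle in a haystack" use the article quotes: an analyst can pivot from a free-text hit (an address seen in a firewall deny) to structured, tagged events from a different device type without the query having to know either device's format in advance.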

Security industry observers are anticipating a number of big data analytics announcements this year that rely on the Hadoop framework to boost the performance of network monitoring systems and speed the detection of attacks. IBM and Hewlett-Packard engineers are said to be working on similar integration of the framework for information security. Combined with behavioral analysis and long-term data storage, the goal is eventually to predict potential attacks and quickly identify and eliminate weak points in the corporate network.

Hadoop adds value by enabling enterprises to ingest a larger amount and a greater variety of data without being constrained by data formats, said Scott Crawford, research director at Enterprise Management Associates. Crawford said the system RSA has pieced together gives security threat analysts more flexibility in what they look for and when they look for it.

"Combining a couple of different approaches to analytics and back-ending them with a common approach to data really highlights the value of technologies like Hadoop for this purpose," Crawford said. "This is valuable to security in the sense that if you are looking for needles in very large haystacks, it improves your performance."